Most popular variants of the header value (we only show this when there's just a bunch of variants):

A misspelled and incorrect variant of the X-Frame-Options header introduced as a result of incorrect interpretation of RFC 7034 standard. The Frame-Options variant was introduced to be used in Content Security Policy (CSP) while for HTTP headers the X-Frame-Options remains the valid name.


We have seen 6 websites setting the Frame-Options HTTP header and 3 unique values of this header.